Map type BPF_MAP_TYPE_SOCKMAP
The socket map is a specialized map type which hold network sockets as value.
Usage
This map type can be use too lookup a pointer to a socket with the bpf_map_lookup_elem helper function, which then can be passed to helpers such as bpf_sk_assign or the a map reference can be used directly in a range of helpers such as bpf_sk_redirect_map, bpf_msg_redirect_map and bpf_sk_select_reuseport. All of the above cases redirect a packet or connection in some way, the details differ depending on the program type and the helper function, so please visit the specific pages for details.
Note
Sockets returned by bpf_map_lookup_elem are ref-counted, so the caller must call bpf_sk_release in all code paths where the returned socket is not NULL before exiting the program. This is enforced by the verifier which will throw a Unreleased reference error if socket pointers are not released.
This map can also be manipulated from kernel space, the main use-case for doing so seems to be to manage the contents of the map automatically from program types that trigger on socket events. This would allow 1 program to manage the contents of the map, and another to do the actual redirecting on packet events.
BPF_PROG_TYPE_SK_MSG and BPF_PROG_TYPE_SK_SKB programs can be attached to this map type. When a socket is inserted into the map, its socket callbacks will be replaced with these programs.
The attach types for the map programs are:
msg_parserprogram -BPF_SK_MSG_VERDICT.stream_parserprogram -BPF_SK_SKB_STREAM_PARSER.stream_verdictprogram -BPF_SK_SKB_STREAM_VERDICT.skb_verdictprogram -BPF_SK_SKB_VERDICT.
A sock object may be in multiple maps, but can only inherit a single parse or verdict program. If adding a sock object to a map would result in having multiple parser programs the update will return an EBUSY error.
Warning
Users are not allowed to attach stream_verdict and skb_verdict programs to the same map.
Attributes
The value_size must always be 4 and the key_size must always be 8.
Syscall commands
The following syscall commands work with this map type:
Helper functions
- bpf_sk_redirect_map
- bpf_sock_map_update
- bpf_map_delete_elem
- bpf_msg_redirect_map
- bpf_sk_select_reuseport
- bpf_map_lookup_elem
- bpf_map_update_elem
Flags
BPF_F_NUMA_NODE
When set, the numa_node attribute is respected during map creation.
BPF_F_RDONLY
Setting this flag will make it so the map can only be read via the syscall interface, but not written to.
For details please check the generic description.
BPF_F_WRONLY
Setting this flag will make it so the map can only be written to via the syscall interface, but not read from.
BPF_F_RDONLY_PROG
Setting this flag will make it so the map can only be read via helper functions, but not written to.
For details please check the generic description.
BPF_F_WRONLY_PROG
Setting this flag will make it so the map can only be written to via helper functions, but not read from.
For details please check the generic description.